IN THE CLAIMS
Please amend claims 1, 40 and 79 as follows: 



1. (AMENDED) A network multiplexing and tunneling system, comprising at least two
devices connected across a network by a secure connection created at a user-level, wherein the
secure connection is a single encrypted Secure Sockets Layer (SSL) Transmission Control Protocol
(TCP) connection, each of the devices authenticates the other device after the secure connection is
opened, at least one of the devices multiplexes other connections through the secure connection
after both the devices have been authenticated, and either endpoint of the secure connection can
receive connection requests for the multiplexed other connections.

2. (ORIGINAL) The system of claim 1, wherein the other connections are selected from a
group comprising Transmission Control Protocol (TCP) and UDP (User Datagram Protocol)
connections.

3. (ORIGINAL) The system of claim 1, wherein the secure connection is symmetric. 

4. (CANCELLED) 

5. (ORIGINAL) The system of claim 1, wherein either endpoint of the secure connection 
can receive data. 

6. (ORIGINAL) The system of claim 1, further comprising means for maintaining send 
buffers on each endpoint. 

7. (ORIGINAL) The system of claim 1, further comprising means for forwarding data 
through the secure connection when there are sufficient send buffers for receiving the forwarded 
data on the other endpoint.

8. (ORIGINAL) The system of claim 1, further comprising means for queuing data received 
at each endpoint. 



Received from < +13106418798 > at 10/15/03 2:45:02 PM [Eastern Daylight Time]
G&C 30879.64-US-01
10-15-2003 10:44AM FROM-Gates & Cooper LLP +13106418798 T-380 P. 007/025 F-307



9. (ORIGINAL) The system of claim 8, further comprising means for dispatching the 
queued data at each endpoint to its final destination. 

10. (ORIGINAL) The system of claim 9, further comprising means for acknowledging 
receipt of the data after the queued data is dispatched to its final destination, thereby tracking usage 
of buffers at the endpoint. 



11. (ORIGINAL) The system of claim 1, further comprising means for buffering data 
transmitted through the multiplexed other connections for flow control through the secure 
connection. 

12. (ORIGINAL) The system of claim 1, further comprising means for resolving domain 
names through the secure connection. 

13. (ORIGINAL) The system of claim 1, further comprising means for operating the secure
connection according to a mode selected from a group comprising a standalone proxy mode, a
packet filter mode, and a SOCKetS server (SOCKS) mode.



14. (ORIGINAL) The system of claim 1, wherein the endpoints comprise a Portal and a
Gate.

15. (ORIGINAL) The system of claim 14, wherein the Gate comprises a server executed by 
a firewall bastion host computer. 

16. (ORIGINAL) The system of claim 14, wherein the Portal comprises a client executed by 
a user's computer. 

17. (ORIGINAL) The system of claim 1, further comprising means for accessing an Intranet 
from the Internet using the secure connection.

18. (ORIGINAL) The system of claim 17, further comprising means for creating a
connection from a Portal on a client computer on the Internet to a Gate on a firewall bastion host 
computer on the Intranet through the secure connection. 

19. (ORIGINAL) The system of claim 17, further comprising means for creating a
connection from a Portal on a client computer on the Internet to a proxy on a firewall bastion host
computer on the Intranet through the secure connection and from the proxy to a Gate on a host
computer on the Intranet through the secure connection.

20. (ORIGINAL) The system of claim 17, further comprising means for creating a
connection from a Portal on a client computer on the Internet to a packet filter on a firewall bastion
host computer on the Intranet through the secure connection and from the packet filter to a Gate on
a host computer on the Intranet through the secure connection.

21. (ORIGINAL) The system of claim 1, further comprising means for accessing the 
Internet from an Intranet using the secure connection. 

22. (ORIGINAL) The system of claim 21, further comprising means for creating a 
connection from a Portal on a client computer on the Intranet to a Gate on a host computer on the 
Internet through the secure connection. 

23. (ORIGINAL) The system of claim 21, further comprising means for creating a
connection from a Portal on a firewall bastion host computer on the Intranet to a host computer on 
the Internet through the secure connection. 

24. (ORIGINAL) The system of claim 21, further comprising means for creating a 
connection from a Portal on a client computer on the Intranet to a proxy on a firewall bastion host 
computer on the Intranet through the secure connection and from the proxy to a Gate on a host 
computer on the Internet through the secure connection. 

25. (ORIGINAL) The system of claim 21, further comprising means for creating a 
connection from a Portal on a client computer on the Intranet to a packet filter on a firewall bastion
host computer on the Intranet through the secure connection and from the packet filter to a Gate on
a host computer on the Internet through the secure connection. 

26. (ORIGINAL) The system of claim 1, further comprising means for accessing a first
Intranet from a second Intranet across the Internet using the secure connection.

27. (ORIGINAL) The system of claim 26, further comprising means for creating a
connection from a Portal on a client computer on the first Intranet to a Gate on a firewall bastion
host computer on the first Intranet through the secure connection, and from the Gate on the
firewall bastion host computer on the first Intranet through the Internet to a Gate on a firewall
bastion host computer on the second Intranet through the secure connection, and from the Gate on
the firewall bastion host computer on the second Intranet to a host computer on the second
Intranet through the secure connection.

28. (ORIGINAL) The system of claim 1, wherein records are exchanged between the 
endpoints of the secure connection. 

29. (ORIGINAL) The system of claim 28, wherein the records are selected from a group 
comprising: UsherOpen, UsherOpenReply, UsherSend, UsherClose, UsherSendUdp, UsherAck,
UsherEnd, and UsherRST records.

30. (ORIGINAL) The system of claim 29, wherein the UsherOpen records are sent by a 
Portal to a Gate to open a Transmission Control Protocol (TCP) connection. 

31. (ORIGINAL) The system of claim 29, wherein the UsherOpenReply records are sent by 
a Gate to a Portal to respond to an UsherOpen record. 

32. (ORIGINAL) The system of claim 29, wherein the UsherSend records are sent by either 
a Gate or a Portal to transmit data therebetween.

33. (ORIGINAL) The system of claim 29, wherein the UsherAck records are sent by either a 
Gate or a Portal to acknowledge a receipt of data therebetween.

34. (ORIGINAL) The system of claim 29, wherein the UsherAck records are not sent when
data received by either a Gate or a Portal is queued prior to being forwarded to its destination. 

35. (ORIGINAL) The system of claim 29, wherein the UsherAck records are sent only when
data received by either a Gate or a Portal has been forwarded to its destination. 

36. (ORIGINAL) The system of claim 29, wherein the UsherClose records are sent by either
a Gate or a Portal to terminate a session. 

37. (ORIGINAL) The system of claim 29, wherein the UsherSendUdp records are sent by
either a Gate or a Portal to transmit UDP (User Datagram Protocol) packets therebetween. 

38. (ORIGINAL) The system of claim 29, wherein the UsherEnd records are sent by either
a Gate or a Portal to terminate a multiplexed other connection. 

39. (ORIGINAL) The system of claim 29, wherein the UsherRST records are sent by either 
a Gate or a Portal to reset a multiplexed other connection.

40. (AMENDED) A transmission media communicating data via a secure connection 
created at a user-level between two endpoints in a network, wherein the secure connection is a single 
encrypted Secure Sockets Layer (SSL) Transmission Control Protocol (TCP) connection, each of the 
endpoints authenticates the other device after the secure connection is opened, at least one of the 
endpoints multiplexes other connections through the secure connection after both the endpoints 
have been authenticated, and either endpoint of the secure connection can receive connection 
requests for the multiplexed other connections.

41. (ORIGINAL) The transmission media of claim 40, wherein the other connections are
selected from a group comprising Transmission Control Protocol (TCP) and UDP (User Datagram 
Protocol) connections. 

42. (ORIGINAL) The transmission media of claim 40, wherein the secure connection is 
symmetric. 




43. (CANCELLED) 

44. (ORIGINAL) The transmission media of claim 40, wherein either endpoint of the secure 
connection can receive data. 

45. (ORIGINAL) The transmission media of claim 40, further comprising maintaining send
buffers on each endpoint.

46. (ORIGINAL) The transmission media of claim 40, further comprising forwarding data
through the secure connection when there are sufficient send buffers for receiving the forwarded 
data on the other endpoint. 

47. (ORIGINAL) The transmission media of claim 40, further comprising queuing data 
received at each endpoint. 

48. (ORIGINAL) The transmission media of claim 47, further comprising dispatching the 
queued data at each endpoint to its final destination.

49. (ORIGINAL) The transmission media of claim 48, further comprising acknowledging
receipt of the data after the queued data is dispatched to its final destination, thereby tracking usage
of buffers at the endpoint.

50. (ORIGINAL) The transmission media of claim 40, further comprising buffering data
transmitted through the multiplexed other connections for flow control through the secure 
connection. 

51. (ORIGINAL) The transmission media of claim 40, further comprising resolving domain 
names through the secure connection. 

52. (ORIGINAL) The transmission media of claim 40, further comprising operating the 
secure connection according to a mode selected from a group comprising a standalone proxy mode, 
a packet filter mode, and a SOCKetS server (SOCKS) mode.

53. (ORIGINAL) The transmission media of claim 40, wherein the endpoints comprise a
Portal and a Gate. 

54. (ORIGINAL) The transmission media of claim 53, wherein the Gate comprises a server 
executed by a firewall bastion host computer.

55. (ORIGINAL) The transmission media of claim 53, wherein the Portal comprises a client 
executed by a user's computer. 

56. (ORIGINAL) The transmission media of claim 40, further comprising accessing an 
Intranet from the Internet using the secure connection.

57. (ORIGINAL) The transmission media of claim 56, further comprising creating a 
connection from a Portal on a client computer on the Internet to a Gate on a firewall bastion host 
computer on the Intranet through the secure connection. 

58. (ORIGINAL) The transmission media of claim 56, further comprising creating a 
connection from a Portal on a client computer on the Internet to a proxy on a firewall bastion host 
computer on the Intranet through the secure connection and from the proxy to a Gate on a host 
computer on the Intranet through the secure connection. 

59. (ORIGINAL) The transmission media of claim 56, further comprising creating a 
connection from a Portal on a client computer on the Internet to a packet filter on a firewall bastion 
host computer on the Intranet through the secure connection and from the packet filter to a Gate on
a host computer on the Intranet through the secure connection. 

60. (ORIGINAL) The transmission media of claim 40, further comprising accessing the 
Internet from an Intranet using the secure connection. 

61. (ORIGINAL) The transmission media of claim 60, further comprising creating a 
connection from a Portal on a client computer on the Intranet to a Gate on a host computer on the 
Internet through the secure connection.

62. (ORIGINAL) The transmission media of claim 60, further comprising creating a
connection from a Portal on a firewall bastion host computer on the Intranet to a host computer on 
the Internet through the secure connection. 

63. (ORIGINAL) The transmission media of claim 60, further comprising creating a 
connection from a Portal on a client computer on the Intranet to a proxy on a firewall bastion host
computer on the Intranet through the secure connection and from the proxy to a Gate on a host
computer on the Internet through the secure connection.

64. (ORIGINAL) The transmission media of claim 60, further comprising creating a
connection from a Portal on a client computer on the Intranet to a packet filter on a firewall bastion
host computer on the Intranet through the secure connection and from the packet filter to a Gate on
a host computer on the Internet through the secure connection. 

65. (ORIGINAL) The transmission media of claim 40, further comprising accessing a first 
Intranet from a second Intranet across the Internet using the secure connection. 

66. (ORIGINAL) The transmission media of claim 65, further comprising creating a 
connection from a Portal on a client computer on the first Intranet to a Gate on a firewall bastion 
host computer on the first Intranet through the secure connection, and from the Gate on the 
firewall bastion host computer on the first Intranet through the Internet to a Gate on a firewall 
bastion host computer on the second Intranet through the secure connection, and from the Gate on 
the firewall bastion host computer on the second Intranet to a host computer on the second 
Intranet through the secure connection. 

67. (ORIGINAL) The transmission media of claim 40, wherein records are exchanged 
between the endpoints of the secure connection. 

68. (ORIGINAL) The transmission media of claim 67, wherein the records are selected 
from a group comprising: UsherOpen, UsherOpenReply, UsherSend, UsherClose, UsherSendUdp,
UsherAck, UsherEnd, and UsherRST records.

69. (ORIGINAL) The transmission media of claim 68, wherein the UsherOpen records are
sent by a Portal to a Gate to open a Transmission Control Protocol (TCP) connection.

70. (ORIGINAL) The transmission media of claim 68, wherein the UsherOpenReply
records are sent by a Gate to a Portal to respond to an UsherOpen record. 

71. (ORIGINAL) The transmission media of claim 68, wherein the UsherSend records are 
sent by either a Gate or a Portal to transmit data therebetween. 

72. (ORIGINAL) The transmission media of claim 68, wherein the UsherAck records are 
sent by either a Gate or a Portal to acknowledge a receipt of data therebetween.

73. (ORIGINAL) The transmission media of claim 68, wherein the UsherAck records are
not sent when data received by either a Gate or a Portal is queued prior to being forwarded to its
destination. 

74. (ORIGINAL) The transmission media of claim 68, wherein the UsherAck records are
sent only when data received by either a Gate or a Portal has been forwarded to its destination. 

75. (ORIGINAL) The transmission media of claim 68, wherein the UsherClose records are 
sent by either a Gate or a Portal to terminate a session. 

76. (ORIGINAL) The transmission media of claim 68, wherein the UsherSendUdp records 
are sent by either a Gate or a Portal to transmit UDP (User Datagram Protocol) packets 
therebetween. 

77. (ORIGINAL) The transmission media of claim 68, wherein the UsherEnd records are 
sent by either a Gate or a Portal to terminate a multiplexed other connection. 

78. (ORIGINAL) The transmission media of claim 68, wherein the UsherRST records are
sent by either a Gate or a Portal to reset a multiplexed other connection. 






79. (AMENDED) A method for network multiplexing and tunneling, comprising: 

(a) opening a single Transmission Control Protocol (TCP) connection at a user-level 
between at least two endpoints in the network; 

(b) establishing a secure connection using Secure Sockets Layer (SSL) over the opened
Transmission Control Protocol (TCP) connection, wherein either endpoint of the secure connection
can receive connection requests;

(c) mutually authenticating each of the endpoints of the secure connection; and

(d) multiplexing other connections through the secure connection once both of the
endpoints have been authenticated, wherein either endpoint of the secure connection can receive
connection requests for the multiplexed other connections.

80. (ORIGINAL) The method of claim 79, wherein the other connections are selected from
a group comprising Transmission Control Protocol (TCP) and UDP (User Datagram Protocol) 
connections. 

81. (ORIGINAL) The method of claim 79, wherein the secure connection is symmetric. 

82. (CANCELLED) 

83. (ORIGINAL) The method of claim 79, wherein either endpoint of the secure 
connection can receive data. 

84. (ORIGINAL) The method of claim 79, further comprising maintaining send buffers on 
each endpoint.

85. (ORIGINAL) The method of claim 79, further comprising forwarding data through the 
secure connection when there are sufficient send buffers for receiving the forwarded data on the 
other endpoint.

86. (ORIGINAL) The method of claim 79, further comprising queuing data received at each 
endpoint.

87. (ORIGINAL) The method of claim 86, further comprising dispatching the queued data
at each endpoint to its final destination. 

88. (ORIGINAL) The method of claim 87, further comprising acknowledging receipt of the 
data after the queued data is dispatched to its final destination, thereby tracking usage of buffers at 
the endpoint. 

89. (ORIGINAL) The method of claim 79, further comprising buffering data transmitted
through the multiplexed other connections for flow control through the secure connection. 

90. (ORIGINAL) The method of claim 79, further comprising resolving domain names 
through the secure connection. 

91. (ORIGINAL) The method of claim 79, further comprising operating the secure 
connection according to a mode selected from a group comprising a standalone proxy mode, a 
packet filter mode, and a SOCKetS server (SOCKS) mode. 

92. (ORIGINAL) The method of claim 79, wherein the endpoints comprise a Portal and a
Gate.



93. (ORIGINAL) The method of claim 92, wherein the Gate comprises a server executed by 
a firewall bastion host computer. 

94. (ORIGINAL) The method of claim 92, wherein the Portal comprises a client executed 
by a user's computer. 

95. (ORIGINAL) The method of claim 79, further comprising accessing an Intranet from 
the Internet using the secure connection. 

96. (ORIGINAL) The method of claim 95, further comprising creating a connection from a 
Portal on a client computer on the Internet to a Gate on a firewall bastion host computer on the
Intranet through the secure connection.

97. (ORIGINAL) The method of claim 95, further comprising creating a connection from a
Portal on a client computer on the Internet to a proxy on a firewall bastion host computer on the 
Intranet through the secure connection and from the proxy to a Gate on a host computer on the 
Intranet through the secure connection. 

98. (ORIGINAL) The method of claim 95, further comprising creating a connection from a
Portal on a client computer on the Internet to a packet filter on a firewall bastion host computer on
the Intranet through the secure connection and from the packet filter to a Gate on a host computer
on the Intranet through the secure connection. 

99. (ORIGINAL) The method of claim 79, further comprising accessing the Internet from
an Intranet using the secure connection. 

100. (ORIGINAL) The method of claim 99, further comprising creating a connection from 
a Portal on a client computer on the Intranet to a Gate on a host computer on the Internet through 
the secure connection. 

101. (ORIGINAL) The method of claim 99, further comprising creating a connection from
a Portal on a firewall bastion host computer on the Intranet to a host computer on the Internet 
through the secure connection. 

102. (ORIGINAL) The method of claim 99, further comprising creating a connection from 
a Portal on a client computer on the Intranet to a proxy on a firewall bastion host computer on the 
Intranet through the secure connection and from the proxy to a Gate on a host computer on the 
Internet through the secure connection. 

103. (ORIGINAL) The method of claim 99, further comprising creating a connection from 
a Portal on a client computer on the Intranet to a packet filter on a firewall bastion host computer
on the Intranet through the secure connection and from the packet filter to a Gate on a host
computer on the Internet through the secure connection.

104. (ORIGINAL) The method of claim 79, further comprising accessing a first Intranet
from a second Intranet across the Internet using the secure connection. 

105. (ORIGINAL) The method of claim 104, further comprising creating a connection from
a Portal on a client computer on the first Intranet to a Gate on a firewall bastion host computer on
the first Intranet through the secure connection, and from the Gate on the firewall bastion host
computer on the first Intranet through the Internet to a Gate on a firewall bastion host computer on 
the second Intranet through the secure connection, and from the Gate on the firewall bastion host 
computer on the second Intranet to a host computer on the second Intranet through the secure 
connection. 

106. (ORIGINAL) The method of claim 79, wherein records are exchanged between the 
endpoints of the secure connection. 

107. (ORIGINAL) The method of claim 106, wherein the records are selected from a group 
comprising: UsherOpen, UsherOpenReply, UsherSend, UsherClose, UsherSendUdp, UsherAck,
UsherEnd, and UsherRST records. 

108. (ORIGINAL) The method of claim 107, wherein the UsherOpen records are sent by a 
Portal to a Gate to open a Transmission Control Protocol (TCP) connection.

109. (ORIGINAL) The method of claim 107, wherein the UsherOpenReply records are sent 
by a Gate to a Portal to respond to an UsherOpen record. 

110. (ORIGINAL) The method of claim 107, wherein the UsherSend records are sent by 
either a Gate or a Portal to transmit data therebetween. 




111. (ORIGINAL) The method of claim 107, wherein the UsherAck records are sent by
either a Gate or a Portal to acknowledge a receipt of data therebetween. 

112. (ORIGINAL) The method of claim 107, wherein the UsherAck records are not sent
when data received by either a Gate or a Portal is queued prior to being forwarded to its destination.

113. (ORIGINAL) The method of claim 107, wherein the UsherAck records are sent only
when data received by either a Gate or a Portal has been forwarded to its destination. 

114. (ORIGINAL) The method of claim 107, wherein the UsherClose records are sent by 
either a Gate or a Portal to terminate a session. 

115. (ORIGINAL) The method of claim 107, wherein the UsherSendUdp records are sent 
by either a Gate or a Portal to transmit UDP (User Datagram Protocol) packets therebetween.

116. (ORIGINAL) The method of claim 107, wherein the UsherEnd records are sent by 
either a Gate or a Portal to terminate a multiplexed other connection.



117. (ORIGINAL) The method of claim 107, wherein the UsherRST records are sent by
either a Gate or a Portal to reset a multiplexed other connection. 
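
The flow control recited in claims 6-10 and 33-35 (send buffers, queuing, and an UsherAck only after queued data has been forwarded), sketched as an added example that is not part of the filing or the applicant's code. The record codes, header layout, `Endpoint` class, `pump` helper and buffer count are assumptions, and an in-memory byte buffer stands in for the authenticated SSL connection.

```python
import struct
from collections import deque

# Record names: claims 29-39. Codes, 7-byte header and MAX_PAYLOAD: assumed.
NAMES = ["", "UsherOpen", "UsherOpenReply", "UsherSend", "UsherAck"]
HEADER = struct.Struct("!BHI")  # type, connection id, payload length
MAX_PAYLOAD = 16384

def encode(rtype, cid, payload=b""):
    return HEADER.pack(NAMES.index(rtype), cid, len(payload)) + payload

def decode(buf):
    # Returns (complete records, leftover bytes of a partial record).
    records, off = [], 0
    while len(buf) - off >= HEADER.size:
        code, cid, length = HEADER.unpack_from(buf, off)
        if not 0 < code < len(NAMES) or length > MAX_PAYLOAD:
            raise ValueError("malformed record")
        end = off + HEADER.size + length
        if end > len(buf):
            break
        records.append((NAMES[code], cid, buf[off + HEADER.size:end]))
        off = end
    return records, buf[off:]

class Endpoint:
    # One end of the tunnel; Portal and Gate run the same logic.
    def __init__(self, send_buffers=2):
        self.send_buffers = send_buffers  # window per connection, same on both ends
        self.credit, self.pending, self.queued = {}, {}, {}
        self.wire, self.rx = bytearray(), b""  # outbound bytes, inbound tail

    def open(self, cid, accept=False):
        self.credit[cid] = self.send_buffers
        self.pending[cid], self.queued[cid] = deque(), deque()
        self.wire += encode("UsherOpenReply" if accept else "UsherOpen", cid)

    def send(self, cid, data):
        self.pending[cid].append(data)
        self._flush(cid)

    def _flush(self, cid):
        # Forward only while the peer has a free buffer (claims 6-7).
        while self.pending[cid] and self.credit[cid] > 0:
            self.credit[cid] -= 1
            self.wire += encode("UsherSend", cid, self.pending[cid].popleft())

    def receive(self, data):
        records, self.rx = decode(self.rx + data)
        for rtype, cid, payload in records:
            if rtype == "UsherOpen" and cid not in self.credit:
                self.open(cid, accept=True)
            elif rtype == "UsherOpen" or cid not in self.credit:
                raise ValueError("duplicate or unknown connection")
            elif rtype == "UsherSend":
                if len(self.queued[cid]) >= self.send_buffers:
                    raise ValueError("peer overran its send buffers")
                self.queued[cid].append(payload)  # queued only: no UsherAck yet
            elif rtype == "UsherAck":
                # Clamp so surplus acks cannot inflate the window.
                self.credit[cid] = min(self.credit[cid] + 1, self.send_buffers)
                self._flush(cid)

    def dispatch(self, cid):
        # Hand one queued chunk to its destination, then acknowledge (claim 10).
        chunk = self.queued[cid].popleft()
        self.wire += encode("UsherAck", cid)
        return chunk

def pump(src, dst):
    # Stand-in for the SSL/TCP connection: move src's output into dst.
    data, src.wire = bytes(src.wire), bytearray()
    dst.receive(data)
```

With two send buffers, a third chunk stays pending at the sender until the receiver dispatches one queued chunk and its UsherAck arrives. Rejecting an UsherSend that arrives with no free buffer keeps a misbehaving peer from growing the receive queue without bound.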